Ninja is a high-performance C++ vulnerability detection tool that combines static and dynamic analysis with real-time API integration for comprehensive security assessment.
A high-performance vulnerability detection tool written in C++.
Ninja is designed for security professionals and developers who need to identify vulnerabilities such as memory leaks, buffer overflows, and injection flaws in their codebases. It is particularly useful for those seeking an integrated solution that combines static and dynamic analysis with up-to-date vulnerability data from trusted sources like the National Vulnerability Database.
Ensure Z3 and cURL are properly installed and accessible in your system PATH to avoid build failures. Keep API keys secure and avoid committing them to public repositories. Be mindful of API rate limits when fetching vulnerability data, and consider implementing caching for production use.
Install Z3 Theorem Prover: sudo apt-get install z3 or download from https://github.com/Z3Prover/z3
Install cURL library: sudo apt-get install libcurl4-openssl-dev
Add JSON for Modern C++ (nlohmann/json) to CMakeLists.txt using FetchContent
Install CMake: sudo apt-get install cmake
Clone the repository: git clone https://github.com/zeusssz/Ninja.git
Navigate into the project directory: cd Ninja
Create build directory: mkdir build
Enter build directory: cd build
Run CMake to configure the project: cmake ..
Build the project: make./Ninja
Runs Ninja performing default static analysis
./Ninja --file <source-code-path> --api <nvd-api-url>
Runs Ninja on specified source code and fetches vulnerability data from the given API URL
./Ninja --dynamic
Extends analysis to include dynamic analysis for runtime errors and resource leaks